Threat Protection


Sophos Central is architected so that all machines are user-less and require no interaction, which allows them to be locked down and hardened. Machines are built from pristine sources, thanks in part to our secure digital code signing process, and only execute the software that engineering prescribes as part of creating the machine gold image.

Similarly to database server instances, machines that comprise Sophos Central can be destroyed and rebuilt at any time without data loss.


Every 3 weeks, the gold images for virtual machines are upgraded with the latest software libraries and applications. No virtual machine instance exists for longer than 3 weeks, with old instances being destroyed and new instances deployed based on the new gold images.

Should a vulnerability be found via the vulnerability dependency framework, internal or external testing, bug bounty program, or other means, patching and redeployment take place as part of the vulnerability response program.

Security Monitoring and Response

Sophos’ global security team monitors all logging data from Sophos Central and its related services 24/7/365. Central has forensic capabilities for rapid incident response in the event of a data breach.